Sign up for our daily briefing
Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.
Catch up on the day's biggest business stories
Subscribe to Axios Closer for insights into the day’s business news and trends and why they matter
Stay on top of the latest market trends
Subscribe to Axios Markets for the latest market trends and economic insights. Sign up for free.
Sports news worthy of your time
Binge on the stats and stories that drive the sports world with Axios Sports. Sign up for free.
Tech news worthy of your time
Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.
Get the inside stories
Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Want a daily digest of the top Denver news?
Get a daily digest of the most important stories affecting your hometown with Axios Denver
Want a daily digest of the top Des Moines news?
Get a daily digest of the most important stories affecting your hometown with Axios Des Moines
Want a daily digest of the top Twin Cities news?
Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities
Want a daily digest of the top Tampa Bay news?
Get a daily digest of the most important stories affecting your hometown with Axios Tampa Bay
Want a daily digest of the top Charlotte news?
Get a daily digest of the most important stories affecting your hometown with Axios Charlotte
Joe Biden speaking in Atlanta on Dec. 15. Photo: Jim Watson/AFP via Getty Images
President-elect Biden on Thursday said that a suspected Russian cyberattack on multiple government agencies and U.S. companies "is a matter of great concern" and promised to impose "substantial costs" to those responsible for the attack.
Driving the news: Biden's statement came just hours after the Cybersecurity and Infrastructure Agency alerted that evidence suggested that additional malware was used in what it described as “a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations.”
Context: The cybersecurity firm FireEye said last week that its systems had been hacked by nation-state actors and that its clients, which include the U.S. government, had been placed at risk.
- SolarWinds, which provides software to the government and corporations, also discovered a breach in its systems this week, allowing hackers to access information from multiple agencies and companies — including the Treasury, Commerce and Homeland Security departments.
What they're saying: "I have instructed my team to learn as much as we can about this breach, and Vice President-elect Harris and I are grateful to the career public servants who have briefed our team on their findings and who are working around-the-clock to respond to this attack," Biden said on Thursday.
- "A good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place."
- "We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners. Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults on our nation."
The big picture: President Trump has been largely silent about the attack, though the White House has held emergency meetings with officials across multiple agencies to address the breach, according to Bloomberg.
Thomas Bossert, Trump's former homeland security adviser, wrote in the New York Times on Wednesday, "The magnitude of this ongoing attack is hard to overstate."
- "It will take years to know for certain which networks the Russians control and which ones they just occupy."
Go deeper: Russian hacking group is behind Treasury and Commerce email breach